"But what about HIPAA?" We get this question a lot. Probably because we do a lot of social media and a lot of healthcare. So we thought we'd put some of the common answers in print.
First, it's important to understand that HIPAA laws simply state that a patient has control of his or her own protected health information. No one else can release that information without consent of the patient.
"But what about HIPAA?" We get this question a lot. Probably because we do a lot of social media and a lot of healthcare. So we thought we'd put some of the common answers in print.
First, it's important to understand that HIPAA laws simply state that a patient has control of his or her own protected health information. No one else can release that information without consent of the patient.
So by simply following these 5 key don'ts and 5 key dos you can happily embrace your social media strategy, avoiding any need for those meds.
Don'ts:
-
Don't talk about patients, even in general terms, unless you have written permission.
They can talk about themselves on your Facebook page, but you cannot talk specifically about Mrs. Mary Smith or generically about the patient who came into the ER last night with a bad case of herpes. Either one can get you in trouble. Be sure your patient consent forms are HIPAA compliant. -
Don't post photos of patients online without their written permission.
And post a sign in your hospital saying picture taking is not permissible — that way, if someone takes a picture and posts it without proper steps, you are not liable. -
Don't practice medicine or give specific medical advice on line.
Always take personal medical questions and conversations offline, encouraging a one-on-one follow up if clinical advice is requested. -
Don't believe that Facebook or any social media site is private.
Even though you can limit the privacy settings, this doesn't limit the ability for sharing and/or distribution of your content. -
Don't believe that a post can be deleted and no one will see it.
You can delete a post and should remove those that violate HIPAA regulations by disclosing protected health information, but understand there is always a chance that the post can be retrieved or recirculated.
Dos:
-
Do set social media policies and procedures.
Like any other policies and procedures, this will set clear expectations of your social media forums and how you will interact with your patients. Gain approval from your legal department. -
Do post social media policies and procedures on your social platforms.
These should be prominently displayed, serving as helpful guidance as well as disclaimers. -
Do train your staff on your social media policies and procedures.
This is critical to your success, and should include examples of social networking HIPAA breaches to accentuate your position. -
Do monitor your pages daily.
Since the objective of social media is to engage people in conversation, this responsiveness is critical in building a trusted relationship. -
Do contact an experienced attorney if you have been accused of violating patient privacy in your social media.
If you're following the key dos and don'ts, this should be avoided. However, should an unfortunate event occur, promptly seek legal advice.
Watch for new technology that will monitor social media sites for HIPAA violations, currently in development by Novarus Healthcare, LLC. Until then, we encourage you to enjoy venturing into the social media world, while using these common sense guidelines.